trojan vundo

**Posty:** 2647 · przez **Bambosz** 08 Maj 2008, 18:18

Witam, mam duży problem, zaczęło sie od bardzo powolnego chodzenia internetu, później o Vundo informował Norton
Uzycie rzeczy podanych w temacie nic nie dało

Log z HJ:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:18:04, on 2008-05-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20772) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\FlashGet\flashget.exe C:\Program Files\Winamp\Winampa.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\eMule\byzato.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\RALINK\Common\RaUI.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Xfire\xfire.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [08bcdeaf] rundll32.exe "C:\WINDOWS\system32\wqmadtfy.dll",b O4 - HKLM\..\Run: [BM0b8fed33] Rundll32.exe "C:\WINDOWS\system32\abcounui.dll",s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\byzato.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM') O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user') O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 7398 bytes

**Posty:** 8001 · przez **Okocza** 08 Maj 2008, 18:24

daj loga z combofixa

**Posty:** 2647 · przez **Bambosz** 08 Maj 2008, 18:40

Kod: Zaznacz wszystko: ComboFix 08-05-07.2 - Bartek 2008-05-08 18:30:41.1 - NTFSx86 Running from: C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\011ECD05.bin C:\Program Files\myglobalsearch\bar\Cache\011F076E.bin C:\Program Files\myglobalsearch\bar\Cache\011F35B2.bin C:\Program Files\myglobalsearch\bar\Cache\035D38A8 C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\WINDOWS\pskt.ini C:\WINDOWS\system32\abcounui.dll C:\WINDOWS\system32\bLknWvut.ini C:\WINDOWS\system32\bLknWvut.ini2 C:\WINDOWS\system32\cikfujxa.ini C:\WINDOWS\system32\ebxtvcjx.dll C:\WINDOWS\system32\geBuSJay.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\qtcimdwr.ini C:\WINDOWS\system32\tuvVLbAP.dll C:\WINDOWS\system32\vassyviq.ini C:\WINDOWS\system32\vmbngcgm.ini C:\WINDOWS\system32\wqmadtfy.dll C:\WINDOWS\system32\yaJSuBeg.ini C:\WINDOWS\system32\yaJSuBeg.ini2 C:\WINDOWS\system32\ydxevemv.ini C:\WINDOWS\system32\yftdamqw.ini . ((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))) . 2008-05-08 16:22 . 2008-05-08 16:22 2,112 --a------ C:\WINDOWS\system32\ccecvwjr.exe 2008-05-07 16:21 . 2008-05-07 16:21 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\Ubisoft 2008-05-07 14:45 . 2008-05-07 14:45 2,112 --a------ C:\WINDOWS\system32\swsumluj.exe 2008-05-07 00:33 . 2008-05-07 00:33 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-05-06 18:32 . 2008-05-06 18:32 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\DivX 2008-05-06 14:37 . 2008-05-06 14:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-05-06 12:04 . 2008-03-01 14:35 6,067,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-05-06 12:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-05-06 12:04 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-05-06 12:04 . 2008-03-01 14:35 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-05-06 12:04 . 2008-03-01 14:35 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-05-06 12:04 . 2008-03-01 14:35 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-05-06 12:04 . 2008-03-01 14:35 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-05-06 12:04 . 2008-03-01 14:35 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-05-06 12:04 . 2008-02-22 11:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-05-06 10:44 . 2008-05-06 10:44 <DIR> d-------- C:\Program Files\Windows Sidebar 2008-05-06 10:44 . 2008-05-06 10:48 <DIR> d-------- C:\Program Files\Norton AntiVirus 2008-05-06 10:43 . 2008-05-06 10:45 <DIR> d-------- C:\Program Files\Symantec 2008-05-06 10:43 . 2008-05-06 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec 2008-05-06 10:43 . 2008-05-06 10:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-05-06 10:43 . 2008-05-06 10:45 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-05-06 10:43 . 2008-05-06 10:45 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-05-06 10:43 . 2008-05-06 10:45 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-05-06 10:32 . 2008-05-06 13:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2008-05-06 09:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-06 09:17 . 2008-05-06 09:17 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-06 09:03 . 2008-05-06 09:03 <DIR> d-------- C:\VundoFix Backups 2008-05-04 08:03 . 2008-05-08 18:28 109,824 --a------ C:\WINDOWS\BM0b8fed33.xml 2008-05-03 19:56 . 2008-05-07 00:41 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-05-03 11:52 . 2008-05-03 11:52 <DIR> d-------- C:\games 2008-05-02 13:30 . 2008-05-04 12:24 <DIR> d-------- C:\Fraps 2008-05-01 15:49 . 2008-05-01 15:49 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-04-28 19:23 . 2008-04-28 19:23 <DIR> d-------- C:\Program Files\Xvid 2008-04-28 19:23 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-04-28 19:23 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-04-28 19:23 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2008-04-28 19:20 . 2008-04-28 19:20 <DIR> d-------- C:\Program Files\DivX 2008-04-28 19:20 . 2008-03-21 22:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-04-28 19:20 . 2008-03-21 22:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-04-28 19:16 . 2008-04-28 19:16 <DIR> d-------- C:\Program Files\Real Alternative 2008-04-28 14:55 . 2008-04-28 14:55 <DIR> d-------- C:\Program Files\UltraISO 2008-04-28 14:55 . 2008-04-28 14:55 <DIR> d-------- C:\Program Files\Common Files\EZB Systems 2008-04-23 14:50 . 2008-04-23 14:50 <DIR> d-------- C:\NeverwinterNights 2008-04-23 13:25 . 2008-04-23 19:22 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-04-23 13:02 . 2008-04-23 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro 2008-04-23 10:31 . 2008-04-23 10:31 <DIR> d-------- C:\Program Files\Techland 2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-04-22 18:34 . 2008-04-22 18:45 <DIR> d-------- C:\Program Files\PowerStrip 2008-04-22 18:03 . 2008-04-22 18:21 <DIR> d-------- C:\Program Files\Microsoft Games 2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Program Files\TVUPlayer 2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\Bartek\LocalLow 2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\TVU Networks 2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks 2008-04-20 11:08 . 2008-04-20 11:08 <DIR> d-------- C:\Program Files\SopCast 2008-04-18 17:13 . 2008-04-18 17:13 <DIR> d-------- C:\Program Files\Gabest 2008-04-18 17:12 . 2008-05-06 18:48 <DIR> d-------- C:\Program Files\AVI ReComp 2008-04-17 19:06 . 2008-04-17 19:12 <DIR> d-------- C:\Program Files\Ninja Reflex 2008-04-14 21:49 . 2008-04-14 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion 2008-04-13 21:24 . 2008-05-02 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft 2008-04-13 17:34 . 2008-04-13 17:34 <DIR> d-------- C:\Program Files\FDRLab 2008-04-12 18:32 . 2008-04-12 18:32 <DIR> d-------- C:\Program Files\3aLab 2008-04-12 14:13 . 2008-04-12 14:37 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 6 2008-04-12 13:52 . 2008-04-12 13:52 <DIR> d-------- C:\Program Files\Winamp Toolbar 2008-04-12 13:52 . 2008-04-12 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar 2008-04-10 22:56 . 2008-04-10 22:58 <DIR> d-------- C:\Program Files\Easy RealMedia Tools 2008-04-10 22:56 . 2008-04-10 22:56 <DIR> d-------- C:\Program Files\AC3Filter 2008-04-10 18:12 . 2008-04-10 18:12 <DIR> d-------- C:\Program Files\Yahoo! 2008-04-10 18:12 . 2008-04-10 18:12 <DIR> d-------- C:\Program Files\CCleaner 2008-04-09 18:44 . 2008-04-30 17:37 <DIR> d-------- C:\temp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-08 16:36 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Hamachi 2008-05-08 16:35 --------- d-----w C:\Program Files\eMule 2008-05-08 16:34 --------- d-----w C:\Program Files\FlashGet 2008-05-08 15:51 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\foobar2000 2008-05-07 13:26 --------- d-----w C:\Program Files\Last.fm 2008-05-06 17:13 --------- d-----w C:\Program Files\Audacity 2008-05-06 15:08 --------- d-----w C:\Program Files\Winamp 2008-05-05 19:19 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Xfire 2008-05-03 15:04 --------- d-----w C:\Program Files\Deutsch Translator 2 2008-05-02 14:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 06:07 --------- d-----w C:\Program Files\Xfire 2008-04-29 21:08 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Azureus 2008-04-29 17:53 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Vso 2008-04-28 17:35 823,296 ----a-w C:\WINDOWS\isRS-000.tmp 2008-04-28 17:35 --------- d-----r C:\Program Files\K-Lite Codec Pack 2008-04-28 17:04 --------- d-----r C:\Program Files\SubEdit-Player 2008-04-23 11:24 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-23 11:02 --------- d-----w C:\Program Files\DAEMON Tools Pro 2008-04-22 16:55 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Microsoft Games 2008-04-22 14:35 --------- d-----w C:\Program Files\Wiedźmin 2008-04-18 16:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-18 16:35 22,328 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\PnkBstrK.sys 2008-04-18 16:35 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-18 16:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-04-18 16:34 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe 2008-04-18 15:12 --------- d-----w C:\Program Files\AviSynth 2.5 2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Bioshock 2008-04-12 12:13 729,088 ----a-w C:\WINDOWS\iun6002.exe 2008-04-09 16:25 --------- d-----w C:\Program Files\THQ 2008-04-08 14:00 --------- d-----w C:\Program Files\BearShare 2008-04-08 13:08 --------- d-----w C:\Program Files\foobar2000 2008-04-07 15:16 --------- d-----w C:\Program Files\AlienGUIse 2008-04-07 15:13 --------- d-----w C:\Program Files\Common Files\Stardock 2008-04-07 14:09 --------- d-----w C:\Program Files\Trend Micro 2008-04-06 11:44 --------- d-----w C:\Program Files\Active Ports 2008-04-06 09:35 --------- d-----w C:\Program Files\VirtualDubMod 2008-04-06 09:24 --------- d-----w C:\Program Files\MKVtoolnix 2008-04-06 08:46 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\uTorrent 2008-04-06 08:27 --------- d-----w C:\Program Files\BitComet 2008-04-02 19:26 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-04-02 18:53 --------- d-----w C:\Program Files\mIRC 2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll 2008-04-01 13:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles 2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-28 21:19 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-03-26 06:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe 2008-03-25 14:42 --------- d-----w C:\Program Files\Futuremark 2008-03-25 13:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-25 13:09 --------- d-----w C:\Program Files\directx 2008-03-25 12:29 --------- d-----w C:\Program Files\MadOnion.com 2008-03-23 20:59 --------- d-----w C:\Program Files\Common Files\Enterbrain 2008-03-23 09:05 --------- d-----w C:\Program Files\MoorHunt 2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-21 18:44 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\mIRC 2008-03-20 12:36 --------- d-----w C:\Program Files\English Translator 3 2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-16 23:14 --------- d-----w C:\Program Files\BestGameEver 2008-03-15 15:24 --------- d-----w C:\Program Files\ImTOO 2008-03-14 19:25 --------- d-----w C:\Program Files\RipCast 1.9 2008-03-12 15:15 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\MegauploadToolbar 2008-03-02 20:56 215,144 ----a-w C:\WINDOWS\patchw32.dll 2008-03-01 12:35 827,392 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-25 13:38 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-02-25 13:38 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-01-29 17:51 87,608 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\inst.exe 2008-01-29 17:51 47,360 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\pcouffin.sys 2008-01-22 11:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat 2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008012220080123\index.dat 2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-05-06 11:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:21 1694208] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360] "DAEMON Tools Pro Agent"="D:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "eMuleAutoStart"="C:\Program Files\eMule\byzato.exe" [2007-05-13 16:57 5308416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088] "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] C:\Documents and Settings\Bartek\Menu Start\Programy\Autostart\ hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-02-22 21:56:07 624416] Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-23 00:29:52 2998608] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-02-21 18:54:15 1142784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll,wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll "vidc.yv12"= yv12vfw.dll "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\BitTornado\\btdownloadgui.exe"= "C:\\Program Files\\BitLord2\\BitLord.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\The All-Seeing Eye\\eye.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "50910:TCP"= 50910:TCP:eMule "24214:UDP"= 24214:UDP:eMule R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32] S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-22 14:18] . Contents of the 'Scheduled Tasks' folder "2008-05-06 08:50:34 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Bartek.job"

**Posty:** 8001 · przez **Okocza** 08 Maj 2008, 19:02

wklej cały log bo jest urwany

poczekaj aż wygeneruje się cały ';)

**Posty:** 2647 · przez **Bambosz** 08 Maj 2008, 19:16

teraz chyba cały:

ComboFix 08-05-07.2 - Bartek 2008-05-08 19:09:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1477 [GMT 2:00]
Running from: C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------[/code]
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\011ECD05.bin
C:\Program Files\myglobalsearch\bar\Cache\011F076E.bin
C:\Program Files\myglobalsearch\bar\Cache\011F35B2.bin
C:\Program Files\myglobalsearch\bar\Cache\035D38A8
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abcounui.dll
C:\WINDOWS\system32\bLknWvut.ini
C:\WINDOWS\system32\bLknWvut.ini2
C:\WINDOWS\system32\cikfujxa.ini
C:\WINDOWS\system32\ebxtvcjx.dll
C:\WINDOWS\system32\geBuSJay.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qtcimdwr.ini
C:\WINDOWS\system32\tuvVLbAP.dll
C:\WINDOWS\system32\vassyviq.ini
C:\WINDOWS\system32\vmbngcgm.ini
C:\WINDOWS\system32\wqmadtfy.dll
C:\WINDOWS\system32\yaJSuBeg.ini
C:\WINDOWS\system32\yaJSuBeg.ini2
C:\WINDOWS\system32\ydxevemv.ini
C:\WINDOWS\system32\yftdamqw.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-08 16:22 . 2008-05-08 16:22 2,112 --a------ C:\WINDOWS\system32\ccecvwjr.exe
2008-05-07 16:21 . 2008-05-07 16:21 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\Ubisoft
2008-05-07 14:45 . 2008-05-07 14:45 2,112 --a------ C:\WINDOWS\system32\swsumluj.exe
2008-05-07 00:33 . 2008-05-07 00:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-06 18:32 . 2008-05-06 18:32 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\DivX
2008-05-06 14:37 . 2008-05-06 14:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-06 12:04 . 2008-03-01 14:35 6,067,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-06 12:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-06 12:04 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-06 12:04 . 2008-03-01 14:35 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-06 12:04 . 2008-03-01 14:35 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-06 12:04 . 2008-03-01 14:35 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-06 12:04 . 2008-03-01 14:35 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 12:04 . 2008-03-01 14:35 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-06 12:04 . 2008-02-22 11:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-06 10:44 . 2008-05-06 10:44 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-06 10:44 . 2008-05-06 10:48 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-06 10:43 . 2008-05-06 10:45 <DIR> d-------- C:\Program Files\Symantec
2008-05-06 10:43 . 2008-05-06 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-06 10:43 . 2008-05-06 10:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-06 10:43 . 2008-05-06 10:45 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-06 10:43 . 2008-05-06 10:45 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-06 10:43 . 2008-05-06 10:45 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-06 10:32 . 2008-05-06 13:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-06 09:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-06 09:17 . 2008-05-06 09:17 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 09:03 . 2008-05-06 09:03 <DIR> d-------- C:\VundoFix Backups
2008-05-04 08:03 . 2008-05-08 18:28 109,824 --a------ C:\WINDOWS\BM0b8fed33.xml
2008-05-03 19:56 . 2008-05-07 00:41 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-05-03 11:52 . 2008-05-03 11:52 <DIR> d-------- C:\games
2008-05-02 13:30 . 2008-05-04 12:24 <DIR> d-------- C:\Fraps
2008-05-01 15:49 . 2008-05-01 15:49 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-28 19:23 . 2008-04-28 19:23 <DIR> d-------- C:\Program Files\Xvid
2008-04-28 19:23 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-28 19:23 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-28 19:23 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-28 19:20 . 2008-04-28 19:20 <DIR> d-------- C:\Program Files\DivX
2008-04-28 19:20 . 2008-03-21 22:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-28 19:20 . 2008-03-21 22:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-28 19:16 . 2008-04-28 19:16 <DIR> d-------- C:\Program Files\Real Alternative
2008-04-28 14:55 . 2008-04-28 14:55 <DIR> d-------- C:\Program Files\UltraISO
2008-04-28 14:55 . 2008-04-28 14:55 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-04-23 14:50 . 2008-04-23 14:50 <DIR> d-------- C:\NeverwinterNights
2008-04-23 13:25 . 2008-04-23 19:22 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-23 13:02 . 2008-04-23 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-04-23 10:31 . 2008-04-23 10:31 <DIR> d-------- C:\Program Files\Techland
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 18:34 . 2008-04-22 18:45 <DIR> d-------- C:\Program Files\PowerStrip
2008-04-22 18:03 . 2008-04-22 18:21 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Program Files\TVUPlayer
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\Bartek\LocalLow
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\TVU Networks
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-04-20 11:08 . 2008-04-20 11:08 <DIR> d-------- C:\Program Files\SopCast
2008-04-18 17:13 . 2008-04-18 17:13 <DIR> d-------- C:\Program Files\Gabest
2008-04-18 17:12 . 2008-05-06 18:48 <DIR> d-------- C:\Program Files\AVI ReComp
2008-04-17 19:06 . 2008-04-17 19:12 <DIR> d-------- C:\Program Files\Ninja Reflex
2008-04-14 21:49 . 2008-04-14 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-04-13 21:24 . 2008-05-02 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-04-13 17:34 . 2008-04-13 17:34 <DIR> d-------- C:\Program Files\FDRLab
2008-04-12 18:32 . 2008-04-12 18:32 <DIR> d-------- C:\Program Files\3aLab
2008-04-12 14:13 . 2008-04-12 14:37 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 6
2008-04-12 13:52 . 2008-04-12 13:52 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-04-12 13:52 . 2008-04-12 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-04-10 22:56 . 2008-04-10 22:58 <DIR> d-------- C:\Program Files\Easy RealMedia Tools
2008-04-10 22:56 . 2008-04-10 22:56 <DIR> d-------- C:\Program Files\AC3Filter
2008-04-10 18:12 . 2008-04-10 18:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-10 18:12 . 2008-04-10 18:12 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 18:44 . 2008-04-30 17:37 <DIR> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 17:05 --------- d-----w C:\Program Files\FlashGet
2008-05-08 16:36 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Hamachi
2008-05-08 16:35 --------- d-----w C:\Program Files\eMule
2008-05-08 15:51 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\foobar2000
2008-05-07 13:26 --------- d-----w C:\Program Files\Last.fm
2008-05-06 17:13 --------- d-----w C:\Program Files\Audacity
2008-05-06 15:08 --------- d-----w C:\Program Files\Winamp
2008-05-05 19:19 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Xfire
2008-05-03 15:04 --------- d-----w C:\Program Files\Deutsch Translator 2
2008-05-02 14:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 06:07 --------- d-----w C:\Program Files\Xfire
2008-04-29 21:08 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Azureus
2008-04-29 17:53 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Vso
2008-04-28 17:35 823,296 ----a-w C:\WINDOWS\isRS-000.tmp
2008-04-28 17:35 --------- d-----r C:\Program Files\K-Lite Codec Pack
2008-04-28 17:04 --------- d-----r C:\Program Files\SubEdit-Player
2008-04-23 11:24 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-23 11:02 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-04-22 16:55 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Microsoft Games
2008-04-22 14:35 --------- d-----w C:\Program Files\Wiedźmin
2008-04-18 16:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-18 16:35 22,328 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\PnkBstrK.sys
2008-04-18 16:35 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-18 16:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-18 16:34 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-04-18 15:12 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Bioshock
2008-04-12 12:13 729,088 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 16:25 --------- d-----w C:\Program Files\THQ
2008-04-08 14:00 --------- d-----w C:\Program Files\BearShare
2008-04-08 13:08 --------- d-----w C:\Program Files\foobar2000
2008-04-07 15:16 --------- d-----w C:\Program Files\AlienGUIse
2008-04-07 15:13 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-07 14:09 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 11:44 --------- d-----w C:\Program Files\Active Ports
2008-04-06 09:35 --------- d-----w C:\Program Files\VirtualDubMod
2008-04-06 09:24 --------- d-----w C:\Program Files\MKVtoolnix
2008-04-06 08:46 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\uTorrent
2008-04-06 08:27 --------- d-----w C:\Program Files\BitComet
2008-04-02 19:26 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-02 18:53 --------- d-----w C:\Program Files\mIRC
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-01 13:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 21:19 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-26 06:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-25 14:42 --------- d-----w C:\Program Files\Futuremark
2008-03-25 13:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 13:09 --------- d-----w C:\Program Files\directx
2008-03-25 12:29 --------- d-----w C:\Program Files\MadOnion.com
2008-03-23 20:59 --------- d-----w C:\Program Files\Common Files\Enterbrain
2008-03-23 09:05 --------- d-----w C:\Program Files\MoorHunt
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 18:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\mIRC
2008-03-20 12:36 --------- d-----w C:\Program Files\English Translator 3
2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 23:14 --------- d-----w C:\Program Files\BestGameEver
2008-03-15 15:24 --------- d-----w C:\Program Files\ImTOO
2008-03-14 19:25 --------- d-----w C:\Program Files\RipCast 1.9
2008-03-12 15:15 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\MegauploadToolbar
2008-03-02 20:56 215,144 ----a-w C:\WINDOWS\patchw32.dll
2008-03-01 12:35 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-25 13:38 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-25 13:38 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-01-29 17:51 87,608 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\inst.exe
2008-01-29 17:51 47,360 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\pcouffin.sys
2008-01-22 11:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008012220080123\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-06 11:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:21 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"DAEMON Tools Pro Agent"="D:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"eMuleAutoStart"="C:\Program Files\eMule\byzato.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

C:\Documents and Settings\Bartek\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-02-22 21:56:07 624416]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-23 00:29:52 2998608]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-02-21 18:54:15 1142784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\BitLord2\\BitLord.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50910:TCP"= 50910:TCP:eMule
"24214:UDP"= 24214:UDP:eMule

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-22 14:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 08:50:34 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Bartek.job"
- C:\Program Files\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 19:10:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 19:11:10
ComboFix-quarantined-files.txt 2008-05-08 17:11:07

Pre-Run: 3,173,330,944 bajtów wolnych
Post-Run: 3,165,544,448 bajtów wolnych

321 --- E O F --- 2008-05-06 22:41:26

**Posty:** 18165 · przez **wojtas** 08 Maj 2008, 19:18

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\ccecvwjr.exe
C:\WINDOWS\system32\swsumluj.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\BM0b8fed33.xml
C:\WINDOWS\isRS-000.tmp

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 2647 · przez **Bambosz** 08 Maj 2008, 19:28

ComboFix 08-05-07.2 - Bartek 2008-05-08 19:24:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1459 [GMT 2:00]
Running from: C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bartek\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM0b8fed33.xml
C:\WINDOWS\isRS-000.tmp
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\ccecvwjr.exe
C:\WINDOWS\system32\swsumluj.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bartek\Dane aplikacji\inst.exe
C:\WINDOWS\BM0b8fed33.xml
C:\WINDOWS\isRS-000.tmp
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\ccecvwjr.exe
C:\WINDOWS\system32\swsumluj.exe
C:\WINDOWS\system32\tmp43.tmp
C:\WINDOWS\system32\tmp44.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-07 16:21 . 2008-05-07 16:21 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\Ubisoft
2008-05-07 00:33 . 2008-05-07 00:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-06 18:32 . 2008-05-06 18:32 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\DivX
2008-05-06 14:37 . 2008-05-06 14:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-06 12:04 . 2008-03-01 14:35 6,067,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-06 12:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-06 12:04 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-06 12:04 . 2008-03-01 14:35 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-06 12:04 . 2008-03-01 14:35 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-06 12:04 . 2008-03-01 14:35 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-06 12:04 . 2008-03-01 14:35 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 12:04 . 2008-03-01 14:35 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-06 12:04 . 2008-02-22 11:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-06 10:44 . 2008-05-06 10:44 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-06 10:44 . 2008-05-06 10:48 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-06 10:43 . 2008-05-06 10:45 <DIR> d-------- C:\Program Files\Symantec
2008-05-06 10:43 . 2008-05-06 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-06 10:43 . 2008-05-06 10:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-06 10:43 . 2008-05-06 10:45 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-06 10:43 . 2008-05-06 10:45 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-06 10:43 . 2008-05-06 10:45 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-06 10:32 . 2008-05-06 13:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-06 09:17 . 2008-05-06 09:17 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 09:03 . 2008-05-06 09:03 <DIR> d-------- C:\VundoFix Backups
2008-05-03 19:56 . 2008-05-07 00:41 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-05-03 11:52 . 2008-05-03 11:52 <DIR> d-------- C:\games
2008-05-02 13:30 . 2008-05-04 12:24 <DIR> d-------- C:\Fraps
2008-05-01 15:49 . 2008-05-01 15:49 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-28 19:23 . 2008-04-28 19:23 <DIR> d-------- C:\Program Files\Xvid
2008-04-28 19:23 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-28 19:23 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-28 19:23 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-28 19:20 . 2008-04-28 19:20 <DIR> d-------- C:\Program Files\DivX
2008-04-28 19:20 . 2008-03-21 22:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-28 19:20 . 2008-03-21 22:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-28 19:16 . 2008-04-28 19:16 <DIR> d-------- C:\Program Files\Real Alternative
2008-04-28 14:55 . 2008-04-28 14:55 <DIR> d-------- C:\Program Files\UltraISO
2008-04-28 14:55 . 2008-04-28 14:55 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-04-23 14:50 . 2008-04-23 14:50 <DIR> d-------- C:\NeverwinterNights
2008-04-23 13:25 . 2008-04-23 19:22 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-23 13:02 . 2008-04-23 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-04-23 10:31 . 2008-04-23 10:31 <DIR> d-------- C:\Program Files\Techland
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 18:34 . 2008-04-22 18:45 <DIR> d-------- C:\Program Files\PowerStrip
2008-04-22 18:03 . 2008-04-22 18:21 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Program Files\TVUPlayer
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\Bartek\LocalLow
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\TVU Networks
2008-04-20 11:18 . 2008-04-20 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-04-20 11:08 . 2008-04-20 11:08 <DIR> d-------- C:\Program Files\SopCast
2008-04-18 17:13 . 2008-04-18 17:13 <DIR> d-------- C:\Program Files\Gabest
2008-04-18 17:12 . 2008-05-06 18:48 <DIR> d-------- C:\Program Files\AVI ReComp
2008-04-17 19:06 . 2008-04-17 19:12 <DIR> d-------- C:\Program Files\Ninja Reflex
2008-04-14 21:49 . 2008-04-14 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-04-13 21:24 . 2008-05-02 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-04-13 17:34 . 2008-04-13 17:34 <DIR> d-------- C:\Program Files\FDRLab
2008-04-12 18:32 . 2008-04-12 18:32 <DIR> d-------- C:\Program Files\3aLab
2008-04-12 14:13 . 2008-04-12 14:37 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 6
2008-04-12 13:52 . 2008-04-12 13:52 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-04-12 13:52 . 2008-04-12 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-04-10 22:56 . 2008-04-10 22:58 <DIR> d-------- C:\Program Files\Easy RealMedia Tools
2008-04-10 22:56 . 2008-04-10 22:56 <DIR> d-------- C:\Program Files\AC3Filter
2008-04-10 18:12 . 2008-04-10 18:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-10 18:12 . 2008-04-10 18:12 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 18:44 . 2008-04-30 17:37 <DIR> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 17:25 --------- d-----w C:\Program Files\FlashGet
2008-05-08 16:36 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Hamachi
2008-05-08 16:35 --------- d-----w C:\Program Files\eMule
2008-05-08 15:51 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\foobar2000
2008-05-07 13:26 --------- d-----w C:\Program Files\Last.fm
2008-05-06 17:13 --------- d-----w C:\Program Files\Audacity
2008-05-06 15:08 --------- d-----w C:\Program Files\Winamp
2008-05-05 19:19 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Xfire
2008-05-03 15:04 --------- d-----w C:\Program Files\Deutsch Translator 2
2008-05-02 14:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 06:07 --------- d-----w C:\Program Files\Xfire
2008-04-29 21:08 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Azureus
2008-04-29 17:53 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Vso
2008-04-28 17:35 --------- d-----r C:\Program Files\K-Lite Codec Pack
2008-04-28 17:04 --------- d-----r C:\Program Files\SubEdit-Player
2008-04-23 11:24 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-23 11:02 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-04-22 16:55 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Microsoft Games
2008-04-22 14:35 --------- d-----w C:\Program Files\Wiedźmin
2008-04-18 16:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-18 16:35 22,328 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\PnkBstrK.sys
2008-04-18 16:35 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-18 16:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-18 16:34 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-04-18 15:12 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Bioshock
2008-04-12 12:13 729,088 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 16:25 --------- d-----w C:\Program Files\THQ
2008-04-08 14:00 --------- d-----w C:\Program Files\BearShare
2008-04-08 13:08 --------- d-----w C:\Program Files\foobar2000
2008-04-07 15:16 --------- d-----w C:\Program Files\AlienGUIse
2008-04-07 15:13 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-07 14:09 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 11:44 --------- d-----w C:\Program Files\Active Ports
2008-04-06 09:35 --------- d-----w C:\Program Files\VirtualDubMod
2008-04-06 09:24 --------- d-----w C:\Program Files\MKVtoolnix
2008-04-06 08:46 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\uTorrent
2008-04-06 08:27 --------- d-----w C:\Program Files\BitComet
2008-04-02 19:26 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-02 18:53 --------- d-----w C:\Program Files\mIRC
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-01 13:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 21:19 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-26 06:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-25 14:42 --------- d-----w C:\Program Files\Futuremark
2008-03-25 13:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 13:09 --------- d-----w C:\Program Files\directx
2008-03-25 12:29 --------- d-----w C:\Program Files\MadOnion.com
2008-03-23 20:59 --------- d-----w C:\Program Files\Common Files\Enterbrain
2008-03-23 09:05 --------- d-----w C:\Program Files\MoorHunt
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 18:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 20:39 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\mIRC
2008-03-20 12:36 --------- d-----w C:\Program Files\English Translator 3
2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 23:14 --------- d-----w C:\Program Files\BestGameEver
2008-03-15 15:24 --------- d-----w C:\Program Files\ImTOO
2008-03-14 19:25 --------- d-----w C:\Program Files\RipCast 1.9
2008-03-12 15:15 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\MegauploadToolbar
2008-03-02 20:56 215,144 ----a-w C:\WINDOWS\patchw32.dll
2008-03-01 12:35 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-25 13:38 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-25 13:38 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-01-29 17:51 47,360 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\pcouffin.sys
2008-01-22 11:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008012220080123\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-06 11:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:21 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"DAEMON Tools Pro Agent"="D:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"eMuleAutoStart"="C:\Program Files\eMule\byzato.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

C:\Documents and Settings\Bartek\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-02-22 21:56:07 624416]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-23 00:29:52 2998608]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-02-21 18:54:15 1142784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\BitLord2\\BitLord.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50910:TCP"= 50910:TCP:eMule
"24214:UDP"= 24214:UDP:eMule

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-22 14:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 08:50:34 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Bartek.job"
- C:\Program Files\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 19:25:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 19:25:41
ComboFix-quarantined-files.txt 2008-05-08 17:25:37
ComboFix2.txt 2008-05-08 17:11:11

Pre-Run: 3,172,921,344 bajtów wolnych
Post-Run: 3,164,631,040 bajtów wolnych

299 --- E O F --- 2008-05-06 22:41:26

**Posty:** 18165 · przez **wojtas** 08 Maj 2008, 19:30

Czysto, wykonaj:

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

Autor postu otrzymał pochwałę

trojan vundo

trojan vundo

Kto jest na forum